Host Probe

Having written code to see what switch ports were in use, I thought it might be interesting to have a look at the other end. The organisation I work for keeps an inventory of all the network-connected kit, but this is out of date almost by definition, as devices are added and withdrawn constantly. There is also the fact that certain areas have unauthorized devices which are not owned up to.
Host Probe is the answer!
The script works through a list or range of IP addresses. First it pings the host; if there is no reply it assumes a vacant address. This needs changing to 2-3 pings to be certain nothing exists, as sometimes 1 ping can get lost in a network. A shortcoming of this is that devices set to drop ICMP, typically firewalls, will never get poked. But you should know about these anyway.... I may use nmap in stealth mode to see if I can find such devices in future, but anything that takes this much effort will probably drop other packets as well.
If the ping is successful, hostprobe attempts to pull info out of NetBIOS using nbtstat. An SNMP probe is then issued; this relies on the community string being correct. I have not yet tested the behaviour when SNMP answers but has a different string value.
DNS is consulted to see if a PTR record exists. This will only work, of course, if your internal name space has been populated or you are being naughty and scanning segments of the internet.
Finally, nmap is employed to attempt an OS guess. All of these tests have to be read together, as individual entries can be told to lie and are frequently ambiguous.

To Do. The main thing is to write some code that works out the IP addresses to be tested from an address and mask, e.g. 172.25.0.1/255.255.255.0 or 172.25.0.1/24 or even 172.25.0.1/255.255.252.0 for a 1024 host range. Answers on a postcard!
Haven't sorted this yet, but the answer is to do all the arithmetic in hex, not decimal, so that 255 rolls over to 000 (ff->00), and finally convert back to decimal if needed for an easy-to-understand display.
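
One way to do the address/mask expansion from the To Do, as an added example that is not part of the original hostprobe script. It treats each address as a single 32-bit integer, so the rollover from one octet to the next needs no special handling, and it skips the network and broadcast addresses of the block. The function names (`ip_to_int`, `int_to_ip`, `mask_to_int`, `probe_targets`) are assumptions made for this illustration.

```python
"""Expand 'address/mask' into the addresses to probe (added example)."""

def ip_to_int(dotted):
    """Dotted quad -> 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"bad dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)   # shift left one octet, add the next
    return value

def int_to_ip(value):
    """32-bit integer -> dotted quad for display."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_int(mask):
    """Accept a prefix length ('24') or a dotted mask ('255.255.252.0')."""
    if mask.isdigit():
        if int(mask) > 32:
            raise ValueError(f"bad prefix length: {mask!r}")
        return (0xFFFFFFFF << (32 - int(mask))) & 0xFFFFFFFF
    value = ip_to_int(mask)
    host_bits = value ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):     # host bits must be one run of 1s
        raise ValueError(f"non-contiguous mask: {mask!r}")
    return value

def probe_targets(spec):
    """Return (block size, list of host addresses) for 'address/mask'."""
    address, _, mask = spec.partition("/")
    mask_int = mask_to_int(mask)
    network = ip_to_int(address) & mask_int
    broadcast = network | (mask_int ^ 0xFFFFFFFF)
    size = broadcast - network + 1
    if size <= 2:                       # /31 and /32: every address is a host
        first, last = network, broadcast
    else:                               # skip network and broadcast addresses
        first, last = network + 1, broadcast - 1
    return size, [int_to_ip(n) for n in range(first, last + 1)]

if __name__ == "__main__":
    # The three forms given in the To Do above.
    for spec in ("172.25.0.1/255.255.255.0", "172.25.0.1/24",
                 "172.25.0.1/255.255.252.0"):
        size, hosts = probe_targets(spec)
        print(f"{spec}: {size} addresses, probe {hosts[0]} .. {hosts[-1]}")
```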